That you proxy refused you connections is correct. You forgot to define an acl and allow it. Something like : acl internal-net 192.168.x.0/.24 and > http_access allow localhost http_access allow internal-net > http_access deny all Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens > adego70@xxxxxxxxx > Verzonden: donderdag 18 augustus 2016 15:56 > Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx > Onderwerp: HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS > Urgentie: Hoog > > Hello, > > My request concerns SQUID v.3.4.8 > I'm using : > - DEBIAN Jessie > - Firefox 48.0 > - simple home network > > Actually, I whitelist some http(s) domains with SQUID. > > My problem is : > when I want to go with firefox to any httpS domain which is not > whitelisted, > I obtain this error message : "THE PROXY SERVER IS REFUSING CONNECTIONS" > (example : > "https://www.pntbrother.com/wp- > content/uploads/2014/11/proxy_server_refusing > _connection.jpg ") > And I have to find a solution for showing the usual HTML error page from > SQUID (the page I can custom, example : " > http://cdn.krizna.com/wp- > content/uploads/2012/08/squid_proxy_server_block.jp > g ") > > > Here is my "squid.conf" : > acl whitelist_prim dstdomain "/etc/squid3/whitelist_primaire" > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost manager > http_access deny manager > > http_access allow whitelist_prim > > http_access allow localhost > http_access deny all > http_port 3128 > coredump_dir /var/spool/squid3 > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > > > Here is my " whitelist_primaire" file : > .google.com > .google.fr > .bing.com > .ubuntuforums.org > .squid-cache.org > .facebook.com > > Here is the result of " sudo tail -f /var/log/squid3/access.log " for this > url https://www.waze.com : > 1471512108.462 1 192.168.0.14 TCP_DENIED/403 3628 CONNECT > www.waze.com:443 - HIER_NONE/- text/html > > > I already try "deny_info" ( there > :http://digitizor.com/how-to-change-the-default-error-document-pages-in- > squi > d/ ), but without success. > > Is it possible to have a solution (with simple solution : ACLs...) for > httpS > domains ? > > Any advice will be appreciated. > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
